[squid-users] anonymous squid setup on digital ocean centos 6 but my IP still detected

[Amos Jeffries]

On 7/03/2017 12:31 a.m., Alex Muir wrote:
> Greetings,
> 
> I have implemented the following tutorial
> <https://www.digitalocean.com/community/tutorials/how-to-install-squid-proxy-on-centos-6>
> from
> digital ocean which sets up squid with settings to not have my IP address
> forwarded.
> 
> I'm finding however that my local IP is still detected when I google what
> my local ip address is.  I've configured firefox browser to use the proxy
> and have confirmed that it is using the proxy. Additionally https goes
> through the proxy however http is blocked. I'd like to ensure that http is
> not blocked.
> 
> What changes do I need to make to get this working as desired?

Firstly, you need to use an up-to-date version of Squid.

Secondly, configure with:
"
  via off
  forwarded_for transparent
"

Beyond those two lines there is nothing Squid can do to prevent active
scripts from reporting what your browser thinks its IP address is.
Eliezer already referred to html5 things. The browser itself is
betraying you just by running those scripts.

Note that the above config is *all* you need to do. The
request_header_access settings are not relevant. All they do is filter
custom headers the browser may be sending and Squid blindly relaying.
Which brings us to the HTTPS ...

When a browser is configured to use a proxy (like yours), HTTPS goes
through as a request to setup an opaque tunnel end-to-end. In other
words all the encrypted HTTP messages are direct between your browser
and the server.

So, the request_header_access filtering which you are having the proxy
do is useless and not doing a thing to those encrypted messages.
"working" there means the server has complete visibility into the client
browser but cannot see the proxy - except that the 'client IP' the
server sees is that of the proxy. Which is what the above two mentioned
config lines make happen for the HTTP traffic.


Amos